blocking irc + botnets
ahlist at gmail.com
Thu Aug 4 19:04:12 CEST 2005
On 8/4/05, Jan Engelhardt <jengelh at linux01.gwdg.de> wrote:
> >We have servers that could get infected via poorly written user scripts. I
> Fix the servers. Don't let arbitrary scripts in.
Please take this in a friendly manner :)
When I wrote my initial message, I knew somebody would give me this type of
reply (i.e. secure your servers, smack the bad users).
However, the fact is that in REAL LIFE, you will have users that use bad
scripts or even "good" scripts that have bugs (phpbb, etc., etc.).
I want to find a way to make sure that we have an extra layer of protection
to make sure our servers weren't DOS'ing other boxes - even if it was
only for a short time until an admin logged in to check the source of the
outgoing traffic spike.
Bottom line:
I simply want to get a good ruleset to share so that anyone who might ever
have a server compromised (even non-root, php-apache based stuff running as
nobody) could help stop the outgoing bad traffic.
There is a lot of discussion on stopping things from coming into a server.
If those of us who run servers (I'm pointing the finger at myself!) would
take the extra effort to stop what can possibly go out, it would solve a lot
of the problems.
I don't have the knowledge to set this up in the best method. That's why I
Thanks to all!